Ransomware Responsible for 42% of UK Security Breaches in 2015

IT managers are being urged to make their organization a “seriously ugly target” in order to deter cyber-criminals, after new research revealed 42% of security breaches in the UK last year were down to ransomware.

IT security reseller Foursys polled 400 UK IT managers and found nearly two-thirds (62%) expected security to be a higher priority this coming year.

Of the 15% that reported a security breach in 2015, 42% claimed to have been hit with ransomware, 10% reported “significant disruption to systems” and 11% said they’d lost data as a result.

Foursys managing director, James Miller, told Infosecurity that most attackers are looking for soft targets.

"They want a way in that will be efficient and cost-effective. So we are talking things like unpatched vulnerabilities in your applications, poor passwords – or unsuspecting staff that'll hand over passwords – and insufficient or out-of-date security software,” he added.

“The more impenetrable your castle, the more likely these criminals will be deterred."

Keeping patches up to date, running the latest version of your security software, and pen testing to discover unknown vulnerabilities will help in this, the firm said.

It’s also important to ensure staff are made aware of the latest threats and their potential impact on the business.

"Online extortion - whether it be by ransomware encrypting victims' files and locking up computers, or demanding payment to stop blasting websites offline through denial-of-service attacks – is surging and only likely to get worse in the next six months,” claimed security consultant Graham Cluley.

“Unless companies take steps now to reduce the risks with a layered defence and recovery procedures they may find themselves struggling to cope."

The past 12 months were notable for the sheer volume of new ransomware doing the rounds.

Bitdefender claimed in a December report that over half (54%) of all malware targeting UK users in 2015 contained some form of ransomware.

It’s easy to see why, given that many users are panicked into paying up rather than wave goodbye to important documents.

The group behind the CryptoWall ransomware managed to extort more than $325 million from US victims alone.

New variants are coming out all the time. Heimdal Security, for example, discovered a spam campaign back in September spreading ransomware with a 0% detection rate when run through all of the 57 anti-malware tools listed in VirusTotal.